cannot create folder inside /var/www/clients/clientx/webx/

Discussion in 'General' started by Ovidiu, Jul 26, 2013.

  1. Ovidiu

    Ovidiu Active Member

    Not sure why, I'm logged in via SSH and did a sudo su so I'm root yet this happens:

    Is this by design? I was trying to create a folder that can be accessed via FTP, outside of the web folder. Actually the ultimate goal is to have a symlinked directory not a real folder but when the creation of a symlink failed I tried a folder and to my surprise even that didn't work.

    Any ideas why this is happening?
     
  2. Croydon

    Croydon HowtoForge Supporter

    Hi,

    this is due to the new security settings in ISPConfig that protect this directory with chattr +i (immutable bit).
    If you need to create a folder there you can either temporarily disable the protection with
    Code:
    chattr -i /var/www/clients/clientX/webY
    create the folder and enable the protection again with
    Code:
    chattr +i /var/www/clients/clientX/webY
    .
    Second option is to lower the security settings permanently inside ISPConfig in the System -> Server config -> web.
     
  3. till

    till Super Moderator

    yes.

    There is already a folder for that purpose, it is named "private", so no need to create an additional folder.
     
  4. Ovidiu

    Ovidiu Active Member

    Thanks you you both for the answers, public doesn't really fit my needs as I'd prefer for the folder to be a symlink but if that doesn't work, I'll use public :)
     
  5. Ovidiu

    Ovidiu Active Member

    What I'M looking to do right now is to create a folder outside of the web folder for an app to safely store its backups accessible by the web server user. Is this possible/feasible?

    I tried creating a folder inside i.e. /var/www/clients/client1/web60/ and gave the correct permissions then used chattr -i again but the web server still cannot access that folder.

    I've got a feeling this is intended?
     
  6. doekia

    doekia New Member

    The behaviour is by design and can be changed by setting "Security level" to medium on the server config / web.

    The "feature" as the bug not to remove the immutable attribute if any.
    You need to manually chattr -i to remove it (the settings will then persists whatever change you made)

    If you want to maintain security level to high, you need to chattr -i prior been able to do any change on the www/clients/clientX/webY folder and either chattr +i after you made the change or wait until something get changed on the site definition (ISP does it if security level is high)

    To make a folder visible as web content, it need to be under web (DOCROOT) regularly or thru symbolic link. You may need on the later to adjust path in the wrapper if you are using fcgid ...

    Regards
     
  7. till

    till Super Moderator

    The setting is "web folder protection" and not the security level. security level should never be set to medium on servers that are connected to the internet.

    This folder exists already, it is named "private". so you dont have to alter any security settings or create folders to store data secrely outside of the docroot.
     
  8. doekia

    doekia New Member

    ;-) my bad
     

Share This Page